In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard.
Metrics
Affected Vendors & Products
References
History
Wed, 16 Oct 2024 22:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Splunk splunk
|
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:* | |
Vendors & Products |
Splunk splunk
|
Tue, 15 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Splunk
Splunk splunk Enterprise |
|
CPEs | cpe:2.3:a:splunk:splunk_enterprise:*:*:*:*:*:*:*:* | |
Vendors & Products |
Splunk
Splunk splunk Enterprise |
|
Metrics |
ssvc
|
Mon, 14 Oct 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In Splunk Enterprise versions 9.3.0, 9.2.3, and 9.1.6, a low-privileged user that does not hold the "admin" or "power" Splunk roles could view images on the machine that runs Splunk Enterprise by using the PDF export feature in Splunk classic dashboards. The images on the machine could be exposed by exporting the dashboard as a PDF, using the local image path in the img tag in the source extensible markup language (XML) code for the Splunk classic dashboard. | |
Title | Low Privilege User can View Images on the Host Machine by using the PDF Export feature in Splunk Classic Dashboard | |
Weaknesses | CWE-284 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Splunk
Published: 2024-10-14T17:03:30.412Z
Updated: 2024-12-10T18:00:40.337Z
Reserved: 2024-09-05T21:35:21.290Z
Link: CVE-2024-45734
Vulnrichment
Updated: 2024-10-15T17:36:34.081Z
NVD
Status : Analyzed
Published: 2024-10-14T17:15:11.850
Modified: 2024-10-16T22:20:57.687
Link: CVE-2024-45734
Redhat
No data.